Internet trading site collective2.com hacked

Wednesday, December 30, 2009

Davis D. Janowski reports:

Users of the do-it-yourself trading site collective2.com received an “urgent” e-mail at a few minutes past noon Wednesday notifying them that the company’s computer database had been breached by a hacker and that all users should log in to change their passwords immediately.

That e-mail, from Collective2 LLC founder Matthew Klein, stated that the information accessed by the hacker included names, e-mail addresses, passwords and credit card information.

In addition, the e-mail went on to state: “We have contacted federal and state law enforcement authorities, who we hope will track down and prosecute the person responsible. More important: we have changed our database security, locked down our servers and altered our website in order to prevent similar attacks. We are also notifying the three credit bureaus — Equifax, Experian and TransUnion — of the breach.”

A notice on collective2.com’s web site at the time of this posting reads:

Security Notice to Our Customers

We are sending out emails to all of our customers explaining that a hacking attempt has potentially compromised customers’ personal data. The email you may have received is real, as are these unfortunate circumstances. We believe we have eliminated the security flaw the hacker exploited. If you have an account with us, it is important you change your account password.

Michael Menefee
never fails to amaze me how "easy" it seems for companies who have been breached to secure their servers...you think it would have been that easy in the first place...I never trust statements like this from the damned.